Nate the greatest submits news of a claim that a recently released ebook application from Hamstersoft is actually built from code lifted from calibre, the ebook library app. He writes "It turns out that one calibre contributor is now reporting that his code was pirated for Hamstersoft. You can find the full details over on John Schember's blog. It's technically complicated and quite long. You can also find a non-technical summary. The short-short version is that Hamstersoft needs to give away a complete source code for the Hamstersoft Ebook Converter because that app uses parts of calibre, which is licensed under GPL v3. John gave Hamstersoft a month to comply and they did not. Now that app is clearly a GPL violation."

Cue the GPL critics praising the BSD license. The short-short-short of it is that if these fuckers didn't want to have to abide by the GPL3 license, they shouldn't have been lazy pieces of worthless stealing shit and wrote their own fucking code.

Um what? GPL, BSD, WTFPL whatever, it's still a license breach and GPL vs. BSD has nothing to do with it. We argue that GPL doesn't achieve its stated goals regarding freedom, how does that relate to someone breaching a license? That it wouldn't have occurred under BSD? So what? It's not BSD licensed and it's clear by picking the GPL that the author wants the things the GPL provides which the author has every right to do, even a BSD fanboi can't argue with that. Your post is flamebait.

For example, AVR libc is under BSD license. Many AVR microcontrollers are flashed with programs that have been compiled with AVR-GCC and contain some code from AVR libc.

Bad example. Linking a C program against a libc does not include enough code to make the program a derivative work of the libc; they are not bound to distribute the final product under the BSD license despite using a BSD licensed compiler.

Only the libc itself needs to be distributed in accordance with the terms of the license, if th

Unless you are on slashdot. Then it matters who you are. If you are a record company people should not respect any of your licenses, copyrights, etc. If you are Adobe, people should just take your stuff (break your copyright, etc.). If you are a GPL code author then anyone who breaks your copyright is evil incarnate and must be sued into oblivion. Let's just admit we have a double standard on this and move on.

The GPL works much like modern society, in that it takes away some individual freedoms that when exercised by the few, would be extremely detrimental to the many...

In the case of society, there are laws against murder, slavery, etc... If you gave people absolute freedom then the strong would rapidly subjugate the weak, and then the weaker people would no longer have any freedoms at all.

GPL works much the same way, by ensuring that everyone remains equal. With a BSD like li

Hamstersoft doesn't appear in the Wayback Machine, but Google's cached version [googleusercontent.com] is dated August 6th and includes the download link. Both the linked accusations are from the last couple of days, so it looks very much like while John Schember may have correctly accused Hamstersoft over a month ago he forgot to check the download page before publicly spouting off on his blog.

Scratch that. You need to go to the original blog post to get the facts, but John's post claims Hamstersoft hasn't posted all the code, as required by GPL3. I guess that means it's torches and pitchforks after all.

I think you're right, this is not a GPL violation, according to their server the source code zip archive was uploaded (and possibly also made available) on July 21. This includes the source code for that dll file.

Actually... scratch that... I looked through the zip file again, the source code for the UI dll (HamsterEbookConverterUI.dll) doesn't appear directly as a source file... maybe it's generated by another source file?

We all know you shouldn't steal public property for personal profit, and this theft wasn't unique or creative in any way. Where's the news?

This isn't really any different than stories about random violent crimes or bad weather in other states. It's not relevant to your life, it doesn't teach you anything you didn't know already, and its only purpose is to generate page views. It's not like I don't care about protecting GPL or preventing corporate malfeasance, I just question how this story tells me anyth

It's important because, while we know that ripping off GPL software is a rampant practice, it is not always so easy to bring the people who do that back into compliance. We've had numerous stories posted on /. about people who know that their code is being stolen, but they don't have the legal and/or financial resources to fight back.

What use is the GPL to people who don't have the resources to enforce it? That's why this is an important story.

Because the only way to combat stuff like this is through vigilance, and you cannot be vigilant if you don't know it is happening.

One of the reasons the world isn't better than it is, is because of people like you who think that if it doesn't have some kind of novel entertainment value, then it's not important. Maybe if people tried a little harder to care about things in between episodes of American Idol, our cities and countries wouldn't be ruled by obnoxious tools.

Oh shove off you self righteous little twit. I'm hardly demanding that news be entertaining. I'm simply saying that seeing the same damn story five times a week isn't necessary; I remember that license violations are rampant without slashdot shoving down my throat every god damn day.

Yahoo was the first to respond. They said they get all of their search results from Microsoft via Bing and referred me to Microsoft. So no luck there.

I don't care who they get their search results from. They are the site provider and are responsible for following the DMCA. Failure to do so will strip them of their safe harbor provisions and open them up to liability alongside Hamstersoft.

Unless Yahoo is hosting the files, why on Earth should they be responsible for refusing to change their search results? The last thing we need is for search providers to drop results just because they're illegal.

They're a search engine, the cases where that was found to be the case were dealing with specialist sites that specifically provided links to copyright materials rather than just a generalized search engine.

Neither Yahoo nor MS has any way of knowing whether any of the information is in violation of copyright law. I doubt very much that the courts are going to find otherwise should it come to that.

The source code, design, and structure of HAMSTER free software are trade secrets except software licensed under GNU GPL 3.0, LGPL, MPL, BSD-licensed or Free components used to compile. You will not disassemble, decompile, or reverse engineer it, in whole except to the extent expressly permitted by law or except GNU GPL 3.0, LGPL, MPL, BSD-licensed or Free components used to compile HAMSTER free software. You will not use HAMSTER free software for illegal purposes. You will comply with all export laws. HAMSTER free software is licensed, not sold.

---

Sorry guys, you can't have GPL'd code and trade secrets in one piece of software.

Not to mention trade secrets have no protection under law, in fact that's why copyright law exists in the first place.

Never say never.

Approximately 40 states have adopted the model Uniform Trade Secrets Act (USTA). The USTA defines a trade secret as "information, including a formula, pattern, compilation, program device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy."

The USTA specifies remedies for violation of trade secrets including injunctions, damages, and attorney's fees. It also gives courts the authority to grant protective orders to ensure the secrecy of a trade secret during the discovery phase of litigation, and prevents disclosure of confidential information by witnesses.

Federal Protection for Trade Secrets

The Economic Espionage Act of 1996 federally criminalizes the theft or misappropriation of trade secrets under two key provisions. The first makes it illegal to steal trade secrets for the benefit of foreign powers; the second makes it illegal to steal trade secrets for commercial or economic purposes regardless of who benefits.

The reverse engineering of software faces considerable legal challenges due to the enforcement of anti reverse engineering licensing provisions and the prohibition on the circumvention of technologies embedded within protection measures. By enforcing these legal mechanisms, courts are not required to examine the reverse engineering restrictions under federal intellectual property law. In circumstances involving anti reverse engineering licensing provisions, courts must first determine whether the enforcement of these provisions within contracts are preempted by federal intellectual property law considerations. Under DMCA claims involving the circumvention of technological protection systems, courts analyze whether or not the reverse engineering in question qualifies under any of the exemptions contained within the law.

Sorry guys, you can't have GPL'd code and trade secrets in one piece of software.

AND distribute the software AND not commit copyright infringement. You can of course use GPL'd code to build software that you use only internally without distribution; there is no requirement to give the source code to anyone, so the source code could contain trade secrets. And you can of course keep the source code secret and distribute the application; the distribution is of course copyright infringement.

I'm a good friend of John, the blog post author, and have been working with him throughout this process in trying to unravel Hamstersoft's deceit. I want to make a few things pretty clear:

Yes, they posted a zip of code on a hard-to-find link. But they did something sneaky. They included the very short and trivial C# wrapper around Calibre, but they only included a compiled (well, .NET dll) binary blob of the bulk of the application code -- the user interface. And of course, since all the heavy lifting is in Calibre itself, this code is the most important part of the application. They went through pains to extract the source of the UI components and only include it publicly as already compiled. They even packaged it up in a nice Visual Studio Solution so that you can load it up and hit "compile" and you get the software. It looks, at first, like they've complied. But then you dig into the source code actually provided, and it becomes obvious that they haven't provided the majority of the code at all, but only the wrapper code and a few call outs to the provided compiled DLL.

Cheap trick.

The other thing to take notice of in John's post is that in fact the search engines and Facebook have hardly complied -- there are still search results and Facebook pages for this company. Now, you can debate and troll and bikeshed and argue the validity and ethics of the DMCA all you want, but the fact of the matter is that when the big companies want to use it against the small, it seems to work, but when some OSS devs want to take the case up with giant companies, the response is exceedingly lackluster. (Likely, this being on /. will change things, we'd hope...)

The final point to consider is what this all means for GPL and OSS. Hamstersoft is Russian, so good luck trying a lawsuit or anything. But at the very least, shouldn't the OSS community have an army of lawyers willing to work pro bono, or financed by various foundations, for this kind of thing exactly? John mentioned he tried contacting one such organization, and was unsuccessful. He's told me that at another point, he got in contact with a lawyer from another place who didn't offer to do any work for him but vaguely suggested he send these notices to Google, Facebook, etc. That's pretty lackluster. I don't want to complain too loudly, but instead I just want to suggest that this issue call our attention to the bigger issue -- what institutions do we have in place to protect OSS software effectively as small OSS devs? Do such institutions work? In this case, thus far, they don't seem to be working.

This looks to me like the exact same situation of an application shelling out to a gpl'd app. This is allowed by the GPL, and is even explicitly allowed in the GPL faq IIRC.

There is a huge debate in the open source legal community as to whether DLL's are considered "derived works", and there's lots of law on both sides to support their case. This probably won't be solved until a legal case decides the issue. So, until that time, it's just a case of everyone having an opinion, and it's not a clear cut case of violation.

Not necessarily. Copyright law gives copyright holders certain exclusive rights, and (being a pure copyright license, not a EULA) the GPL can only restrict people from doing those things. One of them is creating derivative works, however it is the courts (not the GPL/LGPL) that draw the line between what constitutes a derivative work and what is fair use. Like many fair use situations, that line is pretty fuzzy. The general consensus within the tech community is:

Derivative works is one of these grey areas that are improved in v3.
Section 5.c of the GPL v3 [gnu.org] states:

c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged.

So even if you keep the original work in a separate DLL, the whole must still be released under the GPL3.

So even if you keep the original work in a separate DLL, the whole must still be released under the GPL3.

...assuming the new work is covered by the GPL3, in which case it is the whole for which the old code is a part. However, if something is determined to be fair use then you don't need any license to do so, and no license can trump your fair use rights (a contract/EULA sometimes can).

This caveat is specifically spelled out in the definitions section of the GPL3:

To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work.

If the adaptation does not require copyright permission (ie is fair use), then section 5 (actually the whole license), does not apply.

Hamstersoft has two options: either immediately cease all distribution of the infringing binaries, or provide the full sources under one of the methods specified in the GPL.

No.... Hamstersoft has two options that would please the open source community.

Hamstersoft has a third option until forced to do otherwise: keep what they are doing; give it to their lawyers.
Dispute any infringement claims or wait to be sued/ordered by a judge to do something different.

One of my free (as in beer) desktop applications will create a calibre-friendly html export from a project. I leave it up to the user to download and install Calibre, and to manually import and convert this exported html file to their ebook of choice. It's not that hard to work things like this, even if it's another step for the user.
(Exporting to ebook is a very minor feature in my software, and I'm planning a proper epub export soon in any case.)

What the FSF believes the GPL means is not necessarily what a judge would interpret it to mean.

The article says they don't know if the binary builds are modified or not, so the claim that they are seems to have no substance to it. And, I believe the source download does include the Calibre source code unmodified.

The DMCA take-down notices are to be sent to the providers that are hosting the content. The search engines are not hosting this content, and sending them take-down notices is a heavy-handed abuse of the law.

So either John misunderstands the DMCA or is willfully abusing it. Either way it makes it a lot harder to sympathize with his attempt to address violation of copyright law, when he himself is willing to resort to the very behavior of other copyright abusers.

But at the very least, shouldn't the OSS community have an army of lawyers willing to work pro bono, or financed by various foundations, for this kind of thing exactly?

What exactly do you expect them to do? The offender is in Russia and is hosted in Russia. How is a small donation-funded organization supposed to enforce copyright in situations where even large well-funded companies like Microsoft have been unable to do so?

People sometimes get away with breaking the law, especially in far away countries. It sucks, but it's life and you have to learn to accept it. The people who won't are exactly the ones that drive us further and further into a police state in their unending drive to "decrease crime", not understanding the trade-off they are making.

The DMCA take-down notices are to be sent to the providers that are hosting the content. The search engines are not hosting this content, and sending them take-down notices is a heavy-handed abuse of the law. So either John misunderstands the DMCA or is willfully abusing it.

Or perhaps you're the one without a clue. DMCA takedowns apply to both hosting and search engines. Read it yourself here [cornell.edu], I'll quote the most important bits:

(d) Information Location Tools. -- A service provider shall not be liable (...) for infringement of copyright by reason of the provider referring or linking users to an online location containing infringing material or infringing activity (...) if the service provider (...) upon notification of claimed infringement (...) responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity (...)

I don't want to complain too loudly, but instead I just want to suggest that this issue call our attention to the bigger issue -- what institutions do we have in place to protect OSS software effectively as small OSS devs? Do such institutions work? In this case, thus far, they don't seem to be working.

They're the same institutions which protect copyrights in general. So the answer is an emphatic "NO"! What did you expect?

You really want to get to them? Reverse-engineer their code and post the reconstruct

"in fact the search engines and Facebook have hardly complied -- there are still search results and Facebook pages for this company"

The DMCA doesn't require that links to the company be removed - it requires that the service provider stop their distribution of a copyrighted work. From TFA, it sounds like only Facebook had a direct download link to the copyrighted work, and that they assisted in its removal. As someone else mentioned, to make the download completely unavailable you would need to send a DMC

They can not be forced to disclose the source code. This is a common misconception about the GPL.

If a GPL violation goes to court, the judge can order the infringing party to stop the distribution and pay damages to the copyright owner, but he will not order the disclosure of the source code. The disclosure of the source code is only a gesture that most FOSS developers will accept to drop the charges.

Of course, if the software is only a thin layer of sugar around a core of GPL code, stopping the distributio

It depends on what you sue for. There is a thing called "specific performance," which is basically forcing the defendant to comply with the terms of the license or contract in cases where there is no adequate remedy in monetary damages. An injunction is also possible, and even likely, in copyright infringement cases.

They may claim they never signed/agreed to the GPL, and therefore aren't bound by any requirements of it.
Specific performance remedy is a type of equitable relief and requires a valid contract/agreement between the parties.

In that case, the plaintiff would have little choice but to pursue a copyright infringement claim, and specific performance would be off the table.

Without agreeing to the GPL, with the code copyrighted, and no license, there would be infringement...
so the remedy options would basic

Without agreeing to the GPL they are in intentional violation of copyright. That means (under US law) max statutory damages of several hundred thousand dollars PER distribution (which if they even distributed it a dozen times could be several million dollars) and the court will probably award punitive damages of up to 9 times the statutory damages for intentional infringement. If they sold a hundred copies of the software they could conceivably be hit with a hundred million dollars in statutory damages and p

I agree that it is just as stupid to refer to this as piracy as it is to refer to any other case of copyright infringement as piracy. Arr.

That said, this does appear to be a very clear-cut case of copyright infringement, and it's a for-profit company trying to extract money for someone else's work here, *precisely* the sort of case where copyright law is most defensible.

They didn't steal anything - everyone still has the original code. No one lost anything. What they did was a copyright violation, not theft.

Before someone dislocates a shoulder throwing garlands of +1 Insightful mods at the above comment, take a moment and remember why GPL even exists. Because of copyright. This case is a very good example of why GPL is so important, and so worth preserving, because its purpose is to keep free software free.

Every time when we're discussing people pirating proprietary software or games (or movies and music for that matter), people are saying copyrights should be removed and that it's somehow justified to pirate.

Not exactly. In general, the slashdot crowd is against software patents and DRM, which are a completely different matter. That, and the Disney copyright extension acts, which steal from the public domain.

The EULA for the free eBook converter now contains some extra stuff, such as:
"The source code of Hamster Free eBook Converter inherits GNU GPL 3.0 rights from Calibre. You may all operations with it permitted by law. GNU GPL 3.0 restrictions must be met. You will not use Hamster Free eBook Converter for illegal purposes. You will comply with all export laws. Hamster Free eBook Converter is licensed, not sold."
which looks like it was written hastily, and
"GNU GPL 3.0
Calibre source codes: http://code.goog [google.com]

But this makes me think of something I've been puzzling over for awhile now....WTF is wrong with BSD? Seriously, is it broken? Is it shit? Is it a hard to use incompatible mess, what?

Because I just don't get why if you don't want to play the GPL game you'd even bother with GPL code when BSD is right there. hell it is good enough for Apple, it was good enough for MSFT when they needed a temporary TCP/IP stack to get the original WIN NT out the door on time, so WTF? If these companies don't want to play the G

Actually, it's a myth that Microsoft used BSDL code. It's true, they used code from the Berkeley Standard Distribution of Unix, but this code predates the BSDL license and Microsoft paid for the license.

So, what they used was a non-BSDL licensed version of the code, and thus they did not have to conform to the BSDL license.

Actually, you are also only partially correct. While you're correct that Microsoft licensed the code in 1990, the copyrights on the code (as found via a strings search) shows the copyright date on the code is 1983. This is the code that Spider licensed from Berkeley, and it predates the BSD license. Spider was licensed to resell the code.

No it's not. If I make a piece of software and release it under a closed proprietary license no one would accuse it of being a virus, however if I opened it up just a bit and said that other people are free to use it just as long as they do the same then it's a virus? Don't want to comply? Don't use it.

Besides, how would a commercial software company react if someone incorporated portions of their source code into their own product without complying with whatever terms they demanded?

What if someone took the source code to windows that was leaked a couple of years back, and used it to produce their own clone version? You don't think MS would go after them with every lawyer they could find for copyright infringement?

IP laws (in general, not all of them do) currently DO hold innovation. But those guys knowingly violated GPL licensed software because they were too lazy to write their own. I don't support him the same way I wouldn't support someone stealing code from a closed project to use in their product.

It's not hypocritical to believe in GPL and simultaneously despise the way intellectual property works in modern life.

I believe in intellectual property where it is public property, something distributed openly and protected from corporate shills who want to strangle the path of innovation lest it lead away from their business model. You can be anti-corporate and against 75 year copyright yet still believe in the value of short legal monopolies and in the good of clearly defining (and protecting) public property.

I feel about long-lasting intellectual property restraints the way I feel about jet fighters: in public hands, yes. In private hands, break out the pitchforks.

Licensing software under GPL would not hamper innovation or anything like that- you're free to use it however you like, as long as you keep it free. It's software patents, proprietary software and the like that slow innovation.

Stallman et al view the GPL as a transitional measure -- as long as copyrights exist, they need to use the system to protect themselves. Once it's gone (haha) they are well aware their GPL will be gone too. This is their plan.

Now I think they're crazy, but I get mildly annoyed at people who can't see beyond the length of their own nose thinking that if you are against an institution like copyright or patent then you are somehow morally bankrupt if you also use it. Patents in particular, you need defensively

Actually, no. The only way to enforce code sharing is via the GPL, and thus copyright. Without copyright, nobody would be forced to share their code, even if they took it from someone else.

Of course, you would be free to reverse engineer it, but it wouldn't be the same as what you get from the GPL. Basically, the entire concept of the FSF's idea of free software requires copyright in order to exist.

I approve of the GPL, but the copyright period is FAR too long. Of course, that's not the doing of the FSF, so don't blame them, but they could have thrown the code into public domain after five years. Or maybe ten.

Well, I would guess less than .01% of all software developers know assembly. So it's pretty rare, and it requires a lot more skill to master.

Don't CS programs still require assembly? I had to take a course in assembly as an undergrad, and also had to use assembly quite a bit in my compiler courses. 1 developer in 10,000 seems way too low. (For what it's worth, I've never met a really good developer who couldn't program in assembly. I don't mean that they recall all of the syntax of a particular assembly language; only that they can map high-level code to pseudo-assembly language.)

Considering that so many developers haven't gone through CS degrees, it's pretty easy to understand. There's lots of developers with no degree at all. There's lots of developers with degrees in other fields. There's lots of developers that took community college courses that don't provide a full CS discipline.

It's very easy to expect 1 in 10,000 knows assembler. In fact, of the 40 or 50 programmers I know personally, I'm the only one that knows assembler.

Huh? The same reasons would apply to not share the code. To make it harder for others to use your code to take money out of your pockets. If it becomes legal to reverse engineer and share the source code, then business will spend more effort protecting their code from reverse engineering.. making it even more obfuscated, encrypting it at multiple levels, etc...

On the other hand, largely because of the efforts of team MPAA, even the vaguest hints of something resembling copyright infringement are your authorization to more or less auto-DMCA the target whenever they poke their heads up in parts of the internet under US jurisdiction...

You mean other than the fact that the GPL mandates that the source be provided? I don't personally agree that people should be forced to release their own code because they borrowed somebody else's code, but the GPL does require that and so they have to do it.

If they don't want to, there are options, such as getting the license changed or not using the code. But, it is a violation of the terms of the license.

The GPL does not require all code in an application to be released, only when such code is considered a "derived work". There are lots of examples of how you can legally get around the GPL, such as by making the code into its own executable and shelling out to it, or making it a web service, or any number of other physical separations.

There's even a lot of dissent within the community as to whether DLL's are considered derived works. The FSF thinks they are, but lots of other lawyers think they're not.

No, piracy is copying of content by RIAA or MPAA members or software from BSA members. Stealing GPL is good old American business sense unless you are a communist hippie terrorist child pornographer atheist.